[ https://issues.apache.org/jira/browse/MESOS-4757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15172851#comment-15172851 ]
Jie Yu commented on MESOS-4757: ------------------------------- [~idownes] I don't we think we should change the owner/group of the sandbox according to information from a container which can be malicious. What do you think? > Mesos containerizer should get uid/gids before pivot_root. > ---------------------------------------------------------- > > Key: MESOS-4757 > URL: https://issues.apache.org/jira/browse/MESOS-4757 > Project: Mesos > Issue Type: Bug > Reporter: Jie Yu > Assignee: Jie Yu > > Currently, we call os::su(user) after pivot_root. This is problematic because > /etc/passwd and /etc/group might be missing in container's root filesystem. > We should instead, get the uid/gids before pivot_root, and call > setuid/setgroups after pivot_root. -- This message was sent by Atlassian JIRA (v6.3.4#6332)